Deadly Cyberattacks Highlight the Need for a Cybersecurity Upgrade

It was Aug. 17, 2009 — just over four years ago. The location was Siberia, at the sixth largest hydro-dam in the world. It’s a place called Sayano-Shushenskaya.

The tips of the turbine that the witness saw spinning moved at near-supersonic speed, generating 475 megawatts of power. That’s enough electricity to light up a city of more than half a million people. And then the entire device blew straight up, right out of its housing. Within moments, the death toll at Sayano-Shushenskaya was 75. The entire hydro-dam electrical output, totaling 6,400 megawatts — about the equivalent of three nuclear power plants — went offline, representing an immediate loss of over 10% of the power in the Russian Far East.

According to Gen. Keith Alexander, head of the U.S. National Security Agency, a power grid operator nearly 500 miles away sent a rogue command to the Sayano-Shushenskaya hydro-dam control complex. Basically, the grid managers who control the Siberian region wanted more electricity in the wires to meet the load. Evidently, the distant signal caused floodgates to open. This allowed more water to pass through to Turbine No. 2. But the increased water flow caused a “hammer” effect on the spinning machinery, which exceeded the design parameters for this particular element of the complex. Turbine No. 2 accelerated too fast.

The point to keep in mind is that the Sayano-Shushenskaya hydro-dam disaster was a cyberattack. You can characterize it as an accident in the nature of “friendly fire.” But overall, this cascading wave of destruction was triggered by a bad computer command.